Internet security firm Finjan has confirmed that Google’s much talked about anti-phishing blacklist contained confidential usernames and passwords, including other confidential information of bank and financial accounts.
Yuval Ben-Itzhak, Finjan’s Chief Technology Officer said:
Finjan became aware of the problem after examining a publicly available list of URLs provided from Google’s servers. After examining the data provided in these files, Finjan found that sensitive user information was available on the web with no access protection, including emails, usernames, passwords and session tokens that could be used by hackers to compromise users’ privacy.
This issue is not as serious as the AOL one when AOL was sued by three users for releasing personal queries of its users. Google has not officially discussed this matter but they have removed the data as quietly as possible. However, it is has been reported that Google has acknowledged there lack of diligence in an email to Finjan.
Catch the snapshot of data leakage.